Details of VAR-199807-0005

ID

VAR-199807-0005

CVE

CVE-1999-1436

TITLE

World Wide Web Authorization Gateway Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199807-008

DESCRIPTION

Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter. Version 1.0 fails to eliminate characters with special meaning to the shell prior to executing a command. As a result, an attacker can utilize certain characters to execute arbitrary commands on a system remotely, as whatever user invoked the cgi-bin

Trust: 1.26

sources: NVD: CVE-1999-1436 // BID: 152 // VULHUB: VHN-1417

AFFECTED PRODUCTS

vendor:	ray chan	model:	www authorization gateway	scope:	eq	version:	0.1	Trust: 1.6
vendor:	ray	model:	chan www authorization gateway	scope:	eq	version:	0.1	Trust: 0.3

sources: BID: 152 // CNNVD: CNNVD-199807-008 // NVD: CVE-1999-1436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1436
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-199807-008
value:	HIGH
Trust: 0.6
VULHUB:	VHN-1417
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-1436
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-1417
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1417 // CNNVD: CNNVD-199807-008 // NVD: CVE-1999-1436

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1436

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199807-008

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-199807-008

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1417

EXTERNAL IDS

db:	BID	id:	152	Trust: 2.0
db:	NVD	id:	CVE-1999-1436	Trust: 2.0
db:	CNNVD	id:	CNNVD-199807-008	Trust: 0.7
db:	BUGTRAQ	id:	19980708 WWW AUTHORIZATION GATEWAY	Trust: 0.6
db:	EXPLOIT-DB	id:	19121	Trust: 0.1
db:	VULHUB	id:	VHN-1417	Trust: 0.1

sources: VULHUB: VHN-1417 // BID: 152 // CNNVD: CNNVD-199807-008 // NVD: CVE-1999-1436

REFERENCES

url:	http://www.securityfocus.com/bid/152	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=90221104525905&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525905&w=2	Trust: 0.6
url:	http://home.hkstar.com/~west/perl98/html/auth.html	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=90221104525905&w=2	Trust: 0.1

sources: VULHUB: VHN-1417 // BID: 152 // CNNVD: CNNVD-199807-008 // NVD: CVE-1999-1436

CREDITS

This vulnerability was reported to Bugtraq by Albert Nubdy <formatez@EDUREDES.EDU.DO> on July 8, 1998.

Trust: 0.9

sources: BID: 152 // CNNVD: CNNVD-199807-008

SOURCES

db:	VULHUB	id:	VHN-1417
db:	BID	id:	152
db:	CNNVD	id:	CNNVD-199807-008
db:	NVD	id:	CVE-1999-1436

LAST UPDATE DATE

2024-08-14T15:31:23.148000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1417	date:	2016-10-18T00:00:00
db:	BID	id:	152	date:	2009-07-11T00:16:00
db:	CNNVD	id:	CNNVD-199807-008	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-1999-1436	date:	2016-10-18T02:04:31.943

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1417	date:	1998-07-08T00:00:00
db:	BID	id:	152	date:	1998-07-08T00:00:00
db:	CNNVD	id:	CNNVD-199807-008	date:	1998-07-08T00:00:00
db:	NVD	id:	CVE-1999-1436	date:	1998-07-08T04:00:00